In direct mode, what permissions does the Business Connector use?
In AX 2009, the Business Connector can run in direct or indirect mode.
In indirect mode, you use LogonAs to impersonate an AX user, and you inherit all their permissions. I understand that, it makes sense; I'm good with it.
Now... in direct mode, the Business Connector runs under the proxy account, which (by the installation checklist) cannot be associated with a user account in AX. So, what permissions do you have in AX while in direct mode--unlimited access to all tables and classes?
Two more items:
The AX documentation lists four security keys for controlling the Business Connector: SysCom, SysComData, SysComExecution, and SysComIIS. However, these keys aren't assigned to any objects, user groups, or tables in AX. How do they come into play? You can't assign more than one key to an object in the AOT, and I definitely won't be removing my standard keys to add in Business Connector keys.
I also have a reference book, Inside Dynamics AX 2009. Great book, but the explanation for direct mode makes even less sense. "The direct approach uses the credentials of the current Dynamics AX User." WHICH USER? We have a client application server using the Business Connector to connect to an AX server with hundreds of users. In direct mode, does the Business Connector just pick rights from any logged in user at will? What if no users are logged in?
So. If anyone understands it. I'd really like to understand.
Thanks!
"The direct approach uses the credentials of the current Dynamics AX User." - When using AX BC, it is usually for connections that exist outside of AX (SSRS, EP, Rolecenters, Workflow). BC acts as a proxy for the user. Meaning if you log into the SSRS Website and attempt to run a report, the BC will act as your account and will have the same access to the data and tables within AX that you would have.